Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1160
Views
0
Helpful
3
Replies

UPN making user not known

Go to solution
runibifadihu
Level 1
Level 1

‎07-30-2021 06:52 AM

Hi,

I am trying to setup DUO proxy but i am stuck. To login on LDAP i need to send user@UPN (user@example.com) to DUO proxy but user is registered in DUO as user (not as user@UPN) and i am getting error saying that that user is not registered. Below is log output:

user binddn fetched: username=user binddn=user@example.com
ldap bind failed: error=“LDAP Result Code 49 “Invalid Credentials”: Please enroll at https://■■■■■■■■■■■■■■■■■■■■■■/portal?code=code&akey=akey

Is there way to strip down UPN from DUO request and query LDAP with just user from proxy side or is my only option to add alias for every user with every UPN i use(i have multiple UPN-s)?

Best regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎08-05-2021 02:19 PM

There are a few options here that may or may not apply…

  1. Enable username normalization on the Duo LDAP application. This requires that the UPN prefix matches the username in Duo (“someuser” = “someuser@example.com”.

  2. Add the “someuser@example.com” UPN value as a username alias to the existing “someuser” Duo username.

There’s an option for [ad_client] that lets you specify the username attribute, but this is the attribute matched for primary auth, and doesn’t change the LDAP username received by the Duo proxy from the requesting application or service.

Duo, not DUO.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
runibifadihu
Level 1
Level 1

‎08-02-2021 12:59 AM

Is " Policy & Access Control forum" right section for this question?

0 Helpful

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎08-05-2021 02:19 PM

There are a few options here that may or may not apply…

  1. Enable username normalization on the Duo LDAP application. This requires that the UPN prefix matches the username in Duo (“someuser” = “someuser@example.com”.

  2. Add the “someuser@example.com” UPN value as a username alias to the existing “someuser” Duo username.

There’s an option for [ad_client] that lets you specify the username attribute, but this is the attribute matched for primary auth, and doesn’t change the LDAP username received by the Duo proxy from the requesting application or service.

Duo, not DUO.
0 Helpful

Go to solution
runibifadihu
Level 1
Level 1
In response to DuoKristina

‎08-06-2021 04:04 AM

Thank you so much. Option 1. is what i was looking for

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents